Solved: Need a Splunk App for McAfee that uses Splunk Add-...

ggb667 · ‎01-21-2020

Hello. I plan on installing the Splunk Add-on for McAfee and i need to monitor:

McAfee Endpoint Security for Linux Firewall 10.6.6 105
McAfee Endpoint Security for Linux Threat Protection 10.6.6 107
McAfee Agent for Linux 5.6.2
McAfee Policy Auditor Agent for Linux 6.4.3
Asset Configuration Compliance Module - LNX 3.2.4

I was hoping for a "Splunk McAfee App" that would go hand in hand with the "Add-On" for visualizations, but all I'm finding are bits and pieces here and there. Is there an app for this, or am I going to have to build this myself and rely on my own Splunk Deployment Monitor derived components for monitoring McAfee components?

I'm new to apps and add-on components for Splunk.

Thanks

PavelP · ‎01-21-2020

McAfee Agent reports to ePO so what you need is to send ePO logs to Splunk. Not sure about Policy Auditor and Compliance Module though

View solution in original post

PavelP · ‎01-21-2020

McAfee Agent reports to ePO so what you need is to send ePO logs to Splunk. Not sure about Policy Auditor and Compliance Module though

Need a Splunk App for McAfee that uses Splunk Add-on for McAfee

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

Are you a member of the Splunk Community?

Need a Splunk App for McAfee that uses Splunk Add-on for McAfee

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR